Data-stealing bug prompts Comcast to shut down Xfinity activation website

Two security researchers uncovered a bug within Comcast’s online activation portal that revealed a customer’s home address along with the Wi-Fi network name and password in plain text. Within hours of learning of the flaw uncovered by Karan Saini and Ryan Stevenson, Comcast shut down the Xfinity activation site, citing customer security as its top concern.

To activate their routers, customers have to visit an Xfinity activation website and enter some user information to set up their router and service. Saini and Stevenson discovered that even though the website asks for a customer’s full address, only an apartment or house number was needed along with an account ID. Both pieces of information required to gain access to the activation portal could easily be found on a discarded bill.

The activation portal continues to work and return information about the customer and the Wi-Fi network even after the router and home broadband service have been activated.

If a customer is using a Comcast or Xfinity-branded router, then the activation portal continues to return updated network information, so if a customer changes the network name or password, that latest information would be displayed on the activation portal. ZDNet noted that there’s no way for a customer to opt out of this system. For customers using their own router, the publication discovered that the portal doesn’t have access to the Wi-Fi network name and password to display.

At the most basic level, the security concern is that a customer’s network data and home address aren’t protected by requiring information that’s not readily available through an account statement. Further, once a hacker obtains the network data, they can use it maliciously if they’re within close proximity to the Wi-Fi network. The network ID and password could be used to gain access to unencrypted web traffic that passes through the router. Hackers can also temporarily lock users out by changing the network name and password once they have access.
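
The access-control weakness described above, modelled as an added example (this is not Comcast's code): a lookup gated only on values printed on a bill, next to a version that demands a secret not found on a statement, closes once service is active, and never returns the address or Wi-Fi password. The function names, the account records and the `activation_code` secret are assumptions constructed for illustration.

```python
import hmac
from dataclasses import dataclass

@dataclass
class Account:
    house_number: str
    full_address: str
    ssid: str
    wifi_password: str
    activated: bool
    activation_code: str  # hypothetical one-time secret, never printed on a bill

# Constructed sample records (not real customer data).
ACCOUNTS = {
    "ACCT-0001": Account("42", "42 Example St, Apt 7", "HomeNet",
                         "hunter2-wifi", True, "K7Q9-ZX3M"),
    "ACCT-0002": Account("9", "9 Sample Ave", "NewNet",
                         "setup-pass-1", False, "P2L8-RT6W"),
}

def weak_lookup(account_id, house_number):
    """Behaviour the article describes: both inputs are on a discarded bill,
    and the lookup keeps answering after the service is activated."""
    acct = ACCOUNTS.get(account_id)
    if acct is None or acct.house_number != house_number:
        return None
    return {"address": acct.full_address, "ssid": acct.ssid,
            "wifi_password": acct.wifi_password}

def hardened_lookup(account_id, activation_code):
    """Requires a secret that is not on the bill, refuses once the account is
    active, and never echoes the address or the Wi-Fi password."""
    acct = ACCOUNTS.get(account_id)
    if acct is None or acct.activated:
        return None
    # Constant-time comparison of the out-of-band secret.
    if not hmac.compare_digest(acct.activation_code.encode(),
                               activation_code.encode()):
        return None
    return {"ssid": acct.ssid, "status": "pending activation"}

if __name__ == "__main__":
    print(weak_lookup("ACCT-0001", "42"))             # leaks address and password
    print(hardened_lookup("ACCT-0001", "K7Q9-ZX3M"))  # already activated: refused
    print(hardened_lookup("ACCT-0002", "9"))          # house number is not the secret
    print(hardened_lookup("ACCT-0002", "P2L8-RT6W"))  # pending account, no password
```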

Comcast has since disabled this feature on its website to correct the security flaw. “Within hours of learning of this issue, we shut it down,” a Comcast spokesperson told ZDNet. “We are conducting a thorough investigation and will take all necessary steps to ensure that this doesn’t happen again.” In a separate statement to Gizmodo, Comcast noted that it doesn’t believe that any data was improperly accessed as a result of this bug.

News of the bug comes at a time when Comcast is launching its own mesh networking accessory.

Chuong Nguyen